Recent world events demonstrate that no industry is immune to the disruptive effects of cyberattacks. Systems of systems architecture, commonly used in both information systems and defense weapons systems, provides greater opportunity for software vulnerabilities to spread the negative effects of cyberattacks across the system. Abnormal behavior of a system or subsystem is often attributed to faulty equipment or software. Post-mission malfunction analysis traditionally focuses on system functionality rather than determining if a cyber-adversary is responsible for the abnormal behavior. Despite the demonstrated and growing threat of cyberattack against legacy commercial and military platforms, these systems do not presently support passive monitoring, active defense, or forensic data collection capabilities focused on enhancing cyber security. These systems are not well-suited to existing cyber intrusion detection or prevention technologies, due to their prevalent use of communications busses and networks that are not standard within traditional Information Technology (IT) environments. Furthermore, current approaches from the IT industry involving signature-based detection are not suitable for threat mitigation in the highly critical applications served by these platforms. Existing techniques can only identify a threat after it has been initially observed and categorized on another (e.g., compromised) system. Defense against zero-day attacks, which can leverage vulnerabilities, exploits, techniques, and code entirely unknown to the defenders, is crucial to commercial and government security.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent in light of the present disclosure.